Implementation of iptables


Basic Rule Management:

sudo iptables -L                    # List rules in filter table
sudo iptables -L -n                 # List with numeric output (no DNS lookup)
sudo iptables -L -v                 # List with verbose output (packet counts)
sudo iptables -t nat -L             # List rules in NAT table


Set the default policy of the three built-in chains of the filter table to DROP. From then on, any packet that does not match an explicit ACCEPT rule is discarded, which is the default-deny posture you want: only the traffic you have deliberately allowed is ever transferred.

sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP

Do this on a local console, or add your ACCEPT rules (loopback, established connections, SSH) before changing the policies: a policy takes effect immediately, and with INPUT set to DROP every packet of your current SSH session is silently dropped. These commands also cover IPv4 only; the IPv6 stack has its own tables, managed with ip6tables, and stays open until you set its policies as well.

Allow packets on the loopback interface (lo) to pass freely. Many local services (the stub resolver, databases, desktop sessions) talk to the host over 127.0.0.1, and a DROP policy without a loopback exception breaks them.


These commands allow DNS and DHCP traffic:

DNS Rules (Port 53):

sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

  • Allow outgoing DNS queries to DNS servers

  • Port 53 is the standard DNS port

  • UDP is the normal transport; resolvers fall back to TCP for answers that do not fit in one UDP datagram, and zone transfers use TCP

  • Enables your computer to resolve domain names (google.com → IP address)

  • These rules only let the query out. With the INPUT policy at DROP, the server's reply is discarded unless INPUT also accepts return traffic, normally with a conntrack rule that matches the ESTABLISHED,RELATED states.

DHCP Rules (Ports 67-68):

sudo iptables -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
sudo iptables -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT

  • Port 67 is the server side and port 68 the client side; DHCP runs over UDP only, so there is no TCP rule to add

  • OUTPUT rule: the client's DISCOVER/REQUEST leaves from port 68 to the server's port 67

  • INPUT rule: the server's OFFER/ACK comes back from port 67 to the client's port 68 (an INPUT rule for destination port 67 is what a DHCP server needs, not a client)

  • Enables automatic IP address assignment from your router/network

  • Caveat: common Linux DHCP clients (dhclient, dhcpcd) typically send and receive the initial broadcast exchange through raw packet sockets, which netfilter does not filter; the rules above still matter for unicast lease renewals, which go through ordinary UDP sockets

What happens without these rules:

  • No DNS: Can't resolve website names, only IP addresses work

  • No DHCP: Can't automatically get IP address from router

  • Network breaks: Most internet functionality stops working
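The whole baseline above (default-deny policies, loopback, return traffic, DNS and DHCP client rules) as one script. This is an added example, not code from the original page. It assumes a management SSH port of 22 (SSH_PORT), uses the conntrack match for return traffic, which the page itself does not show, and takes the iptables command from an IPTABLES variable so the same rule list can be printed in a dry run without root.

```shell
#!/bin/sh
# Added example (not from the original page): builds the default-deny baseline
# as a list of iptables arguments, then applies them in an order that does not
# cut off an existing SSH session (ACCEPT rules first, DROP policies last).
#
# Assumptions not taken from the page: the SSH_PORT value, the conntrack
# return-traffic rules, and the IPTABLES variable used for dry runs.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES="echo iptables" for a dry run
SSH_PORT="${SSH_PORT:-22}"         # assumed management port; change to taste

# Print one iptables argument list per line, in apply order.
baseline_rules() {
    # Start from an empty filter table (policies are left alone until the end)
    echo "-F INPUT"
    echo "-F OUTPUT"
    echo "-F FORWARD"
    # Loopback: local services (stub resolver, databases, desktop) need it
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Return traffic for connections this host started (DNS replies, web pages).
    # Without this, the OUTPUT rules let a DNS query out but its answer is dropped.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets with no valid conntrack entry (scans, spoofed segments): drop early
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    # Management access: new inbound SSH on the assumed port
    echo "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # DNS: outbound queries (UDP normally, TCP for large answers and zone transfers)
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "-A OUTPUT -p tcp --dport 53 -j ACCEPT"
    # DHCP client: request leaves 68 -> 67, offer/ack returns 67 -> 68, UDP only
    echo "-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT"
    # Only now flip the defaults: anything not matched above is dropped.
    # IPv4 only; repeat the idea with ip6tables for the IPv6 stack.
    echo "-P INPUT DROP"
    echo "-P OUTPUT DROP"
    echo "-P FORWARD DROP"
}

# Run every rule through $IPTABLES; stop and return non-zero at the first failure.
# A here-document (not a pipe) keeps the loop in the current shell so 'return' works.
apply_rules() {
    while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intentional
        $IPTABLES $rule || return 1
    done <<EOF
$(baseline_rules)
EOF
}

# Quick audit: how many rules accept NEW inbound connections? On this baseline
# the answer is exactly 1 (SSH); anything more is an extra listening exposure.
count_new_inbound_accepts() {
    baseline_rules | grep -c -- '-A INPUT .*--ctstate NEW .*-j ACCEPT'
}

# Usage:  sh baseline.sh apply      (as root)
#         sh baseline.sh dry-run    (prints the commands, no root needed)
case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) IPTABLES="echo iptables"; apply_rules ;;
esac
```

Run the dry-run first and read the output top to bottom: the ACCEPT rules for loopback, established traffic and SSH are appended before any policy changes to DROP, so a session you are logged in through never falls into a gap. After applying, confirm with `sudo iptables -L -n -v` that packet counters increase on the conntrack rule when you resolve a name, and persist the result with `iptables-save` so it survives a reboot.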

